Bitlocker is activated on your private computer
What is Bitlocker?
Bitlocker is part of Microsoft Windows, and its purpose is to protect the data on a device from abuse after theft or loss of said device. It protects the device by encrypting the (hard drive of the) computer. In normal circumstances this is a perfectly normal security measure to prevent data loss. As a matter of fact, Tilburg University also applies the same security measure to the company devices.
To gain access to data on an encrypted hard drive, a key (Recovery Key) is required, which unlocks/decrypts the disk. Usually, when nothing has significantly changed on the computer, Windows enters this key automatically. However, in some cases (after a hardware or password change, for example), the computer can go into Recovery Mode. Access to Windows and the data will be denied until the Recovery Key is entered.
What is the problem?
It appears that, sometimes, you can (unknowingly) activate Bitlocker on a personal device when you install Microsoft Office 365 though the Tilburg University License. The Recovery Key to access the encrypted hard drive will then automatically be stored in the part of the Microsoft cloud owned by Tilburg University. If your personal computer goes into discovery mode, you can retrieve the Recovery Key from our part of the cloud via your Tilburg University account and thus unlock it again.
The problem arises at the moment you stop studying or working at Tilburg University because, with the loss of your Tilburg University account, you also lose access to your Recovery Key in the cloud.
This issue with Bitlocker is a default setting of Microsoft. We have reported this side effect to Microsoft.
How does this affect me?
We advise you to make a personal backup of this Recovery Key to avoid any issues in the future. Even though the Recovery Key is stored in the Tilburg University part of the Microsoft Cloud, you are the owner of your own Recovery Key(s).
If you haven’t backed up your Recovery Key and you are confronted with a situation where you need to enter your Recovery Key, it will be harder to retrieve it. Tilburg University could retrieve it for you in such a case, but it will be much harder to do so because your Tilburg University account is no longer available. It could also occur at a moment when IT-Support isn’t available.
How can I secure my Recovery Key
For security reasons, we will not send you your Recovery Key, but you can retrieve it yourself by following these steps:
Go to https://myaccount.microsoft.com and log in with your Tilburg University Account. Then go to “Overview” and then to “Manage Devices”. There, you can retrieve your Recovery Key per (encrypted) device. Save this code in a safe place like a password manager or on paper in a safe. Obviously, you should never save the key on the encrypted disk.
Tilburg University does not delete any devices that have been registered in the cloud, and thus, we don’t delete any Recovery Keys either. We are investigating other methods in an effort to improve the safeguarding of these keys if possible. In the meantime Tilburg University and other institutions are urging Microsoft to look for a better way to do this.
If you have any questions, please contact It Support though the Self-Service Portal or by sending an e-mail to email@example.com.
We trust to have informed you sufficiently this way.
With kind regards on behalf of LIS,
Corné van Nispen.
Director Library & IT Services